Change-Id: I8ae417b5f3bd2e19bbddc841bcd99044b8d14467
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485090
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70727}
This reverts commit 757f043130.
Reason for revert: Suspected for a roll failure at https://chromium-review.googlesource.com/c/chromium/src/+/2490026
Original change's description:
> [wasm] Enable --wasm-opt
>
> This CL enables basic optimizations in TurboFan for WebAssembly code,
> like dead code elimination (DeadCodeElimination), constant folding
> (MachineOperatorReducer), and control flow optimizations
> (CommonOperatorReducer).
>
> These optimizations were disabled originally to improve startup time,
> at the expense of slower generated code. However, with Liftoff as the
> baseline compiler, startup time is not so important anymore for
> TurboFan.
>
> R=clemensb@chromium.org
> CC=manoskouk@chromium.org
>
> Change-Id: I2a81f66929c43fbbdfc3625359772c8ea0f2235f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2488684
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70691}
TBR=ahaas@chromium.org,clemensb@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: If4cc504cec6bdc4a4cc1d7178003199e99bb66c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494700
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70725}
Rolling v8/build: 27ce505..a941569
Rolling v8/third_party/aemu-linux-x64: dfMpR8E7Ie1gS4Mf_DWloGOmZIegnZWNA0kcMr7jPlkC..qUVP_lovvTAIvdwUUdt2FBZQjKisQycbEzp2A67oxskC
Rolling v8/third_party/android_platform: fc6c684..ef64306
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/982bf51..ef69704
Rolling v8/third_party/depot_tools: b3a1dba..bf66f2d
Rolling v8/third_party/markupsafe: f2fb0f2..0944e71
Rolling v8/tools/clang: df55bc4..151bbd6TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: Id79c6cf673f56c3da93967abff836c041794cddc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2493351
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#70724}
This CL can improve the performance of below microbench by ~40%.
// touch worker.js in shell is needed
let json_obj = ${content of v8_trace.json};
let worker = new Worker("worker.js");
let start = performance.now();
for (let i = 0; i < 1e5; i++) {
worker.postMessage(json_obj);
}
console.log(performance.now() - start;
Change-Id: I69b40e4d7e0b49ab90c01c21c5d03b02e292d246
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489329
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Tao Pan <tao.pan@intel.com>
Cr-Commit-Position: refs/heads/master@{#70723}
The test was not flaky. Instead it seems compiiler optimizations discarded
of the test-allocated object such that stack scanning could no longer find it.
Bug: v8:11052
Change-Id: Ie8018ccecb03b22e6c4f2dada3e6663b04c551fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2493160
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70722}
The register that holds the {new_value} for the AtomicCompareExchange8U
has to be a byte register on ia32. There was code to guarantee that, but
after that code there was code that frees the {eax} register, and that
code moved the {new_value} to a different register again. With this CL
we first free {eax}, and then find a byte register for the {new_value}.
R=clemensb@chromium.org
Bug: chromium:1140549
Change-Id: I1679f3f9ab26c5416ea251c7925366ff43336d85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491031
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70721}
Port ba5646046b
Original Commit Message:
The uint32_t type can easily be confused with the memory offsets that
are currently 32 bit and will become 64 bit with the memory64 proposal.
Since the offsets into the instance are always small anyway, the type of
the integer does not really matter, and we should stick to the default
'int'.
R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Icfc3b4172984c81355ca4b69b67433892cca7408
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491107
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70720}
This reverts half of commit 8f0ab47101.
Reason for revert: some performance regressions, possibly due
to 'leave' needing MSROM on some microarchitectures.
The half that is not reverted is the removal of 'enter'.
Original change's description:
> [ia32,x64] Make more use of the 'leave' instruction
>
> It is a little shorter and cheaper[1] than the equivalent
> "mov sp,bp; pop bp".
>
> Also remove support for the 'enter' instruction, since
> - it is unused,
> - it is neither shorter nor cheaper than the corresponding
> push and mov (in fact more expensive[1]), and
> - our disassembler doesn't support it.
>
> [1] See https://www.agner.org/optimize/instruction_tables.pdf
>
> Change-Id: I6c99c2f3e53081aea55445a54e18eaf45baa79c2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2482822
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70660}
TBR=neis@chromium.org,victorgomes@chromium.org
Bug: chromium:1141069
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I5c9ad64ee06b71c93eff256044ce49d1523737fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2492327
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70718}
This reverts commit 90ea9b35cb.
Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64%20-%20debug/31274?
Original change's description:
> cppgc: Port backing store compaction.
>
> This CL ports the existing backing store compaction algorithm from
> blink. It does not attempt to improve on the existing algorithm.
>
> Currently only unified heap uses the compaction implementation. It is
> never triggered through standalone GCs.
>
> The compaction implementation resides within an internal "subtle" namespace.
>
> Bug: v8:10990
> Change-Id: I4aa781db1b711e7aafc34234c4fb142de84394d7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485228
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70714}
TBR=mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org
Change-Id: Iadae1ee0c6c0400f0e1a0a3805be5316a1d4b979
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10990
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2492330
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70716}
The test WeakContainerTest.ConservativeGCTracesWeakContainer failed on
one of the bots:
https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64%20ASAN/29755?
This seems like flakiness related to stack scanning.
Bug: v8:11052
Change-Id: Ia60d64e63a071335c4c3f648a4ba0c1823841617
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2492324
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70715}
This CL ports the existing backing store compaction algorithm from
blink. It does not attempt to improve on the existing algorithm.
Currently only unified heap uses the compaction implementation. It is
never triggered through standalone GCs.
The compaction implementation resides within an internal "subtle" namespace.
Bug: v8:10990
Change-Id: I4aa781db1b711e7aafc34234c4fb142de84394d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485228
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70714}
The uint32_t type can easily be confused with the memory offsets that
are currently 32 bit and will become 64 bit with the memory64 proposal.
Since the offsets into the instance are always small anyway, the type of
the integer does not really matter, and we should stick to the default
'int'.
R=manoskouk@chromium.org
Bug: v8:10949
Change-Id: I742334483bbc80c4cc03f40f046b5d2d3b17d1d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489691
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70712}
This CL adds TraceWeakContainer and VisitWeakContainer to the Visitor
api. It also introduces the weak_container_worklist_ used to force
re-tracing of weak containers that are reachable from stack.
Bug: chromium:1056170
Change-Id: I4ba75bd64939b8df9ece7422828a5ac647b03fd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491022
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70708}
Measure time from requesting GC on background thread until the main
thread starts the collection. Also add trace event for the GC on the
background thread.
Bug: v8:10315
Change-Id: I765ce0df8a1c31e4f64661ea8dc0b6a4685a3132
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489681
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70707}
Refactor the {options} output parameter of the fast callback to a
reference, since it can never be nullptr for functions created with
MakeWithFallbackSupport. This allows embedders to spare the nullptr
check.
Bug: chromium:1052746
Change-Id: I3e22f07af4740ebe8522691da51b6addbc980f24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491026
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70706}
Since JS arguments are always reversed now (https://crrev.com/c/2466116), the logic for skipping the arguments adapter is dead.
It has been subsumed by the complete removal of the adaptor frame (https://crrev.com/c/2440098).
Doc: bit.ly/v8-faster-calls-with-arguments-mismatch
Change-Id: Ia02e0807b7d23a9de371650fa6357113e409d338
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489684
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70704}
This is a reland of 517a306933
Original change's description:
> [ic] Append deprecated maps after appending new map
>
> Previously, we would append the deprecated maps and then append the
> new valid map causing minimorphic map checks to miss this new map in
> the case that we exceeded the FLAG_max_minimorphic_map_checks size.
>
> Bug: v8:10582
> Change-Id: Ie3d7da73f7bdbdd822241fae7879817889a72b43
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484513
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70676}
Bug: v8:10582
Change-Id: Ie951f364406063becb659a0151093e6c9f69e0f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491283
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70703}
The Cobalt project has its own Starboard equivalent of libc APIs like
`malloc` and `free`. This CL introduces the wrappers for some libc
functions. In followup CLs, for example occurences of malloc will all
be replaced by base::Malloc in V8.
See b/156155426 for more information.
Bug: v8:10927
Change-Id: Ida3d161a1da56755b681e18b4827e277e6cb4c4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2416150
Commit-Queue: John Xu <johnx@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: John Xu <johnx@google.com>
Cr-Commit-Position: refs/heads/master@{#70702}
No major functional changes in this CL, mostly it moves code around
to make follow-up CLs less messy.
- Document Code layout.
- New concepts: 'body' and 'metadata' areas of Code objects. The
metadata area contains metadata tables, the body area includes
both instructions and metadata (this is currently the 'instructions'
area). Add accessors for these new areas.
- An interesting detail: embedded builtins will have non-adjacent
instruction and metadata areas, thus a concept of 'body' doesn't
make sense there.
- Also add raw_instruction_X_future accessors; these are used where
we are actually interested in the instructions range, not the entire
body. In a follow-up, current raw_instruction_X accessors will be
replaced by raw_body_X, and raw_instruction_X_future by
raw_instruction_X.
Bug: v8:11036
Change-Id: I1d85146b652e0c097c3602d4db1862d5d3898a7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491023
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70701}
The offset (also called "address") passed to the atomic builtins was
32-bit until now. With memory64, we will have to also accept 64-bit
values there, or at least values within the allocatable memory range.
This CL thus changes the builtins to receive uintptr values instead of
uint32, and pass them on to the runtime functions as double (as before).
The runtime then casts them back to uintptr_t instead of uint32_t.
Liftoff is extended to zero-extend the uint32 value if needed. TurboFan
already passed a machine-word sized integer before.
Drive-by: Rename some "address" to "offset" to make the semantics more
clear.
R=ahaas@chromium.org
CC=manoskouk@chromium.org
Bug: v8:10949
Change-Id: I66968cc99a908775156c952da46d2f26219ffb58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489685
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70700}
Originally, the Torque-generated verifier for a field with type
Undefined|Zero|NonNullForeign would check `f.IsUndefined() || f.IsZero()
|| f.IsNonNullForeign()`. At some point, we changed Torque so that it
now generates the much weaker `f.IsOddball() || f.IsSmi() ||
f.IsForeign()`. This change returns the verifiers to their initial
precision. Mostly we can use the names of abstract types to build up the
correct type check expression, but a few abstract types like
PodArrayOfWasmValueType have no way that we can tell them apart from
their parent type at runtime. It would be confusing to have a function
Object::IsPodArrayOfWasmValueType which actually just checks whether the
object is a ByteArray, so this change introduces a new annotation which
allows abstract type declarations to state that they should use their
parent type during verification.
This change also adds new test cases to help avoid future regressions of
this logic.
Bug: v8:7793
Change-Id: Ie5046d742fd45e0e0f6c2ba387d909e9f2ac6df1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2469960
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#70698}
This reverts commit 517a306933.
Reason for revert: regresses perf
Original change's description:
> [ic] Append deprecated maps after appending new map
>
> Previously, we would append the deprecated maps and then append the
> new valid map causing minimorphic map checks to miss this new map in
> the case that we exceeded the FLAG_max_minimorphic_map_checks size.
>
> Bug: v8:10582
> Change-Id: Ie3d7da73f7bdbdd822241fae7879817889a72b43
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2484513
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70676}
TBR=mythria@chromium.org,gsathya@chromium.org
Change-Id: Ifcb45e2cca16929f9f43f0116994f913bfb34730
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10582
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491281
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70697}
This reverts commit 61b56d1650.
Reason for revert: Breaks tests on MSVC bot:
https://ci.chromium.org/p/v8/builders/ci/V8%20Win64%20-%20msvc/15485
Original change's description:
> [wasm-simd] Add more tests for v128 load zero
>
> Add tests for all valid alignments, and using memarg immediate offset
> instead of i32 index.
>
> Also randomize the memory to help catch cases where we are loading more
> than we should, and accidentally get correct values with zero-ed memory.
>
> Bug: v8:10713
> Change-Id: I443c2799ba0d539bf23c63760c08e18c4d36607f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2487880
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70693}
TBR=bbudge@chromium.org,zhin@chromium.org
Change-Id: I9391c5e948c528f00dc966bbf33f709da30d1b17
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10713
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2490479
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70694}
Add tests for all valid alignments, and using memarg immediate offset
instead of i32 index.
Also randomize the memory to help catch cases where we are loading more
than we should, and accidentally get correct values with zero-ed memory.
Bug: v8:10713
Change-Id: I443c2799ba0d539bf23c63760c08e18c4d36607f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2487880
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70693}
Implements https://github.com/tc39/ecma262/pull/2154, which allows
module export names to be string literals.
Semantics highlights:
- It is a SyntaxError for string literal export names to have unpaired
UTF16 surrogates.
- It is a SyntaxError for string literal export names to be used as
the local name without being followed by a 'from' clause. For example,
`export { "foo" }` and `export { "foo" as "bar" }` are errors, but
`export { "foo" } from "./module.js"` is allowed.
The remaining failing test262 test is wrong:
https://github.com/tc39/test262/issues/2866
Bug: v8:10964
Change-Id: Ib3e06e1ee6b3f1b60ed7f24e21902e17ddfc0351
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2482335
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70692}
This CL enables basic optimizations in TurboFan for WebAssembly code,
like dead code elimination (DeadCodeElimination), constant folding
(MachineOperatorReducer), and control flow optimizations
(CommonOperatorReducer).
These optimizations were disabled originally to improve startup time,
at the expense of slower generated code. However, with Liftoff as the
baseline compiler, startup time is not so important anymore for
TurboFan.
R=clemensb@chromium.orgCC=manoskouk@chromium.org
Change-Id: I2a81f66929c43fbbdfc3625359772c8ea0f2235f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2488684
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70691}
XMM registers/operands can be mixed with normal operands. We introduce 4
new enums to handle this case:
- xmmreg, oper
- oper, xmmreg
- xmmreg, xmmoper
- xmmoper, xmmreg
The different between op and xmmop is what type of register to print if
the modrm byte ends up decoding into a register.
The only difference between the output of the DisasmX64 test is pinsrd,
pinsrq, and pshuflw which had extras spaces. This is fixed with this
patch.
Test: cctest test-disasm-x64/DisasmX64 --random-seed=-1547905187
Bug: v8:10933
Change-Id: I2904c0fe83579e8df83ff2f304409278f1874c2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480619
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70690}
cmpi only takes in a 16 bit signed integer. For larger
inputs we must use cmp with a register input.
Change-Id: I318d714930553fbad4c34097c7530055308f331a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2490460
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70689}
Liftoff can currently run out of registers when compiling an atomic
compare-exchange instruction. In order to see this crash, the following
conditions must be met:
- The offset in the instruction doesn't fit in a 12-bit immediate
- Either FLAG_untrusted_code_mitigations is false, or trap handlers are
enabled, so that AddMemoryMasking decides to do nothing
The fix proposed in this CL is just to defer allocation of a temporary
register until after CalculateActualAddress has finished, because it
might have also needed a temporary register.
Change-Id: I28225614dcdbe2bcc9e52208f1e806baac89c5f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2488840
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70687}
Using the GraphAssembler instead of creating nodes "manually" results in
much smaller code. This allows us then to use ternary operators to make
the implementation even more concise.
R=ahaas@chromium.org
Bug: v8:10123
Change-Id: I154ffb436f414da14e932138911f35d251363083
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489686
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70686}
There were some cleanups to be done after crrev.com/c/v8/v8/+/2472000/
was merged.
Bug: v8:10799
Change-Id: I09bc2d123f89b88c74c3aecfa97c82d1925a1f2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2488686
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70685}
This trap now used for all runtime type errors thrown when interfacing
with JS. Its name and message have been changed to reflect this.
Additional change: Remove the trap from the list of traps used
exclusively for RuntimeError (as opposed to TypeError) in
wasm-module-builder.js.
Change-Id: I517766837a60d94b562d4c0de922d52db786b635
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2488688
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70682}
Follow the marker pattern where actual logic is moved into a dedicated
state class and the visitors merely forward to that class.
Change-Id: Id3c6b7414343da82759bdba3dbb8286adee44cf4
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480502
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70680}
Bug: chromium:1139782,v8:10765
Change-Id: I417cd037b2587599b925cce08d8652b2df1985ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2488687
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Martin Bidlingmaier <mbid@google.com>
Cr-Commit-Position: refs/heads/master@{#70679}
